This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "User Library"
(Created page with "<h4>Introduction</h4> A User Library is for individual users in a system.") |
|||
Line 1: | Line 1: | ||
<h4>Introduction</h4> | <h4>Introduction</h4> | ||
− | A User Library is for individual users in a system. | + | A User Library is for individual users in a system. This library aims to provide functions that could ease the process of creation, maintenance and termination of users easily and safely. Users are the key component in any web application. Thus storing their identity in the system is of utmost important. The users make a base for all other components to work on them. A weakness in user system or improper use of its data may lead to data theft or permanent loss of data. In this library, we have created a basic user system that provides most necessary data about users to be stored such as userID, password, account creation time, etc. and secure functions to manipulate these data and to keep them safe such as "create user", "verification", "password reset" etc. With the help of this library, developers can create their own user database with a few lines without worrying about the underlying implementation. |
+ | <BR> | ||
+ | <h4>Extending User Library</h4> | ||
+ | As already said, the user library in itself is very plain and simple, with the minimum amount of functionality necessary to create a separate library of its own. The functions and data that is stored in the DB, is very limited. Thus, we have created the library keeping in mind that it needs to be extended. The developers wanting more functionality or more data storage needs such as storing names and age of a user, can extend this library and can create their desired functions on top of this. | ||
+ | To extend this library, one can just use the PHP's "extends" keyword, and then can use the DB to store and retrieve data. In their newly created child class, they can add more functions as they see fit. The whole purpose of this library is not to arm developers with all the functions they MIGHT need, but our aim is to provide them with the basic functionality so that they can move on from these tasks to more demanding business. | ||
+ | <BR> | ||
+ | <h4>PHPSEC User Library Implementation</h4> | ||
+ | We have created this user library in the most simplest sense we could, providing the developers functions that are secure and simple to use. Simple functions make this library more open and transparent. Some common functions in this library are: | ||
+ | <BR> | ||
+ | <b> Create a new User: </b>This function is used to create a new user. | ||
+ | <BR> | ||
+ | <b> Get Existing User: </b>This function is used to request object of an existing user from the system. | ||
+ | <BR> | ||
+ | <b> Force Login: </b>Function to validate a user without their credentials. | ||
+ | <BR> | ||
+ | <b> Verify Password: </b>Function to verify a user given string as his password. | ||
+ | <BR> | ||
+ | <b> Reset Password: </b>Function to reset a user's password to some new password. | ||
+ | <BR> | ||
+ | <b> Delete Password: </b>Function to delete a user from a system. | ||
+ | <BR> | ||
+ | <b> Remember Me: </b>Function to imitate the behavior of "remember me" function which allows the users to skip entering their credentials each time they visit the application. | ||
+ | <BR> | ||
+ | <b> Misc Functions: </b>Other functions that provided common functions to user such as "get Account Creation Time" etc and functions necessary for this library to work. | ||
+ | <BR><BR> | ||
+ | <h4>Other Helpful Links</h4> |
Revision as of 09:43, 18 July 2013
Introduction
A User Library is for individual users in a system. This library aims to provide functions that could ease the process of creation, maintenance and termination of users easily and safely. Users are the key component in any web application. Thus storing their identity in the system is of utmost important. The users make a base for all other components to work on them. A weakness in user system or improper use of its data may lead to data theft or permanent loss of data. In this library, we have created a basic user system that provides most necessary data about users to be stored such as userID, password, account creation time, etc. and secure functions to manipulate these data and to keep them safe such as "create user", "verification", "password reset" etc. With the help of this library, developers can create their own user database with a few lines without worrying about the underlying implementation.
Extending User Library
As already said, the user library in itself is very plain and simple, with the minimum amount of functionality necessary to create a separate library of its own. The functions and data that is stored in the DB, is very limited. Thus, we have created the library keeping in mind that it needs to be extended. The developers wanting more functionality or more data storage needs such as storing names and age of a user, can extend this library and can create their desired functions on top of this.
To extend this library, one can just use the PHP's "extends" keyword, and then can use the DB to store and retrieve data. In their newly created child class, they can add more functions as they see fit. The whole purpose of this library is not to arm developers with all the functions they MIGHT need, but our aim is to provide them with the basic functionality so that they can move on from these tasks to more demanding business.
PHPSEC User Library Implementation
We have created this user library in the most simplest sense we could, providing the developers functions that are secure and simple to use. Simple functions make this library more open and transparent. Some common functions in this library are:
Create a new User: This function is used to create a new user.
Get Existing User: This function is used to request object of an existing user from the system.
Force Login: Function to validate a user without their credentials.
Verify Password: Function to verify a user given string as his password.
Reset Password: Function to reset a user's password to some new password.
Delete Password: Function to delete a user from a system.
Remember Me: Function to imitate the behavior of "remember me" function which allows the users to skip entering their credentials each time they visit the application.
Misc Functions: Other functions that provided common functions to user such as "get Account Creation Time" etc and functions necessary for this library to work.